use of net.sourceforge.prograde.policyparser.ParsedPolicy in project ddf by codice.
the class PermissionActivator method start.
@SuppressWarnings("squid:S1149")
@Override
public void start(BundleContext bundleContext) throws Exception {
System.setProperty("/", File.separator);
this.conditionalPermissionAdmin = getConditionalPermissionAdmin(bundleContext);
String policyDir = SecurityActions.getSystemProperty("ddf.home") + File.separator + "security";
if (policyDir.startsWith("=")) {
policyDir = policyDir.substring(1);
}
File policyDirFile = new File(policyDir);
List<ParsedPolicy> parsedPolicies = new ArrayList<>();
for (File file : Objects.requireNonNull(policyDirFile.listFiles())) {
ParsedPolicy parse = null;
try {
parse = new Parser(false).parse(file);
} catch (Exception e) {
systemExit(file);
}
parsedPolicies.add(parse);
}
ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
conditionalPermissionUpdate.getConditionalPermissionInfos().clear();
this.priorityResult = null;
List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
List<ConditionalPermissionInfo> allDenyInfos = new ArrayList<>();
for (ParsedPolicy parsedPolicy : parsedPolicies) {
List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
List<ParsedPolicyEntry> denyEntries = parsedPolicy.getDenyEntries();
buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
buildConditionalPermissionInfo(denyEntries, allDenyInfos, ConditionalPermissionInfo.DENY);
Priority priority = parsedPolicy.getPriority();
if (priorityResult == null) {
this.priorityResult = priority;
} else if (priority != priorityResult) {
// if they don't match, then we can't make a determination on the priority, so we'll
// default to deny
this.priorityResult = Priority.DENY;
}
}
if (priorityResult == null && !allGrantInfos.isEmpty() && !allDenyInfos.isEmpty()) {
this.priorityResult = Priority.GRANT;
}
if (priorityResult == Priority.GRANT) {
conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allGrantInfos);
conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allDenyInfos);
conditionalPermissionUpdate.getConditionalPermissionInfos().add(getAllPermission(ConditionalPermissionInfo.ALLOW));
} else if (priorityResult == Priority.DENY) {
conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allDenyInfos);
conditionalPermissionUpdate.getConditionalPermissionInfos().addAll(allGrantInfos);
conditionalPermissionUpdate.getConditionalPermissionInfos().add(getAllPermission(ConditionalPermissionInfo.DENY));
}
conditionalPermissionUpdate.commit();
}
use of net.sourceforge.prograde.policyparser.ParsedPolicy in project ddf by codice.
the class PermissionActivator method grantPermission.
public void grantPermission(String bundle, String permission) throws Exception {
synchronized (this) {
// use the parsed policy to make it easier to parse the permission string
final ParsedPolicy parsedPolicy = new Parser(false).parse(new StringReader(String.format("grant codebase \"file:/%s\" { permission %s; }", bundle, permission)));
final List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
final List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
final ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
final ConditionalPermissionInfo grantInfo = allGrantInfos.get(0);
final List<ConditionalPermissionInfo> conditionalInfos = conditionalPermissionUpdate.getConditionalPermissionInfos();
boolean added = false;
// brand new conditional permission
for (final ListIterator<ConditionalPermissionInfo> i = conditionalInfos.listIterator(); i.hasNext(); ) {
final ConditionalPermissionInfo permInfo = i.next();
if (Objects.equals(grantInfo.getAccessDecision(), permInfo.getAccessDecision()) && Arrays.equals(grantInfo.getPermissionInfos(), permInfo.getPermissionInfos())) {
final ConditionInfo[] conditions = permInfo.getConditionInfos();
if ((conditions != null) && (conditions.length == 1) && BUNDLE_NAME_CONDITION.equals(conditions[0].getType())) {
final String[] bundles = conditions[0].getArgs();
final String[] newBundles = new String[bundles.length + 1];
System.arraycopy(bundles, 0, newBundles, 0, bundles.length);
newBundles[bundles.length] = bundle;
final ConditionalPermissionInfo newPermInfo = conditionalPermissionAdmin.newConditionalPermissionInfo(permInfo.getName(), new ConditionInfo[] { new ConditionInfo(BUNDLE_NAME_CONDITION, newBundles) }, permInfo.getPermissionInfos(), permInfo.getAccessDecision());
i.set(newPermInfo);
added = true;
break;
}
}
}
if (!added) {
// if priority is to grant then insert at the top, otherwise insert before
// the last entry which always reference an all-permission to deny
final int index = (priorityResult == Priority.GRANT) ? 0 : conditionalInfos.size() - 1;
conditionalInfos.add(index, grantInfo);
}
conditionalPermissionUpdate.commit();
}
}
Aggregations